[TheRecord] Senate committee advances major cybersecurity legislation

The Senate Homeland Security Committee on Wednesday advanced two bills aimed at boosting the U.S. government’s insight into cyberattacks on critical infrastructure operators and the private sector, as well as federal agencies.

The committee approved by voice vote the Cyber Incident Reporting Act, which would give critical infrastructure owners and operators up to 72 hours to report hacks and 24 hours to divulge ransom payments. The bill differs from one introduced earlier this year by the Senate Intelligence Committee that proposed a 24-hour window.

The Senate Homeland legislation mirrors a bipartisan measure from the House Homeland Security Committee that was attached to that chamber’s annual defense policy bill as an amendment.

The Senate bill, which was released last month by Chair Gary Peters (D-Mich.) and Ranking Member Rob Portman (R-Ohio), also took on ransomware by requiring organizations, including businesses with more than 50 employees, nonprofits, and state and local governments, to notify CISA if they make a ransom payment.

The committee rejected an amendment by Sen. Rick Scott (R-Fla.) that would limit the scope of ransom payment reporting to critical infrastructure operators. Many GOP members voiced concern that the mandate would prove burdensome to smaller businesses.

Peters said the 50-person threshold was not “carved in stone” and expressed support for an amendment from Portman that would raise it to somewhere between 200 and 500 personnel, a proposal embraced by some Republicans, like Sen. Mitt Romney (Utah).

The committee later adopted Portman’s amendment but didn’t provide an exact figure before adjourning. Lawmakers also adopted by voice vote a Portman amendment that would, among other things, exempt religious organizations from having to report ransom payments.

In addition, the panel okayed legislation from Peters and Portman that would update the 2014 Federal System Incident Response Act to require federal civilian agencies to report breaches to CISA and OMB, and to include new authorities that make CISA the lead agency on cybersecurity incidents affecting federal civilian agency networks.

The measure comes in response to a recent review by the Senate committee on digital defenses within the federal government that found many key agencies lack good cyber hygiene.

Peters said he hoped to hitch the incident reporting legislation to the Senate version of the defense policy roadmap.

The post Senate committee advances major cybersecurity legislation appeared first on The Record by Recorded Future.
